The breach came to light in August this year following a press release from Continental AG, though at the time, the company did not say that any data was stolen in the incident. However, LockBit has threatened to publish “all available data” on its data leak site today at 3:45 PM (UTC). The group has not revealed any details regarding the kind of data it claims was pried away from Continental AG. Continental AG, or Continental, is a multinational company that specializes in automotive parts and is best known for its tires. The company employs close to 193,000 around the world, and its clients include major car manufacturers such as Volkswagen, Ford, Volvo, BMW, and General Motors.
Details About the Continental AG Cyberattack
On Aug. 24, Continental released a statement regarding a cybersecurity breach. In the announcement, Continental said that malicious actors had breached certain parts of the company’s IT systems, adding that it detected the breach in early August and averted the attack without any impact on its business activities or its third-party partners. “Immediately after the attack was discovered, Continental took all necessary defensive measures to restore the full integrity of its IT systems,” Continental stated. “With the support of external cybersecurity experts, the company is conducting an investigation into the incident.” At the time, the company did not reveal any other information regarding the incident, including details about the responsible actor. On Nov. 2, the LockBit ransomware group claimed responsibility for the incident on its data leak site, threatening to publish all the stolen data before the end of the week. When asked about LockBit’s claims by media outlets, Continental’s VP of Communications & Marketing, Kathryn Blackwell, did not provide any confirmation, instead pointing to the original Aug. 24 press release. “Please see the statement we have issued on this topic. Unfortunately, I cannot provide you with any further details,” Blackwell told Bleeping Computer.
About LockBit Ransomware Group
The LockBit ransomware group has been active since September 2019. At the time, it primarily functioned as a Ransomware-as-a-Service (RaaS) operation and found itself on INTERPOL’s radar in 2020. Last August, Accenture revealed it was the victim of LockBit 2.0 RaaS, with the group demanding a ransom of $50 million. The European Union Agency for Cybersecurity (ENISA) noted that LockBit was one of the most prolific ransomware groups between May 2021 and June 2022. In fact, LockBit 2.0 accounted for 40% of ransomware attacks tracked by the NCCGroup in May. The group also announced the latest version of its RaaS, Lockbit 3.0, this June. It includes an option for ZCash token payments. Usually, ransomware groups publicly threaten to release stolen information to pressure their victims into paying a ransom. It is likely that Continental previously refused LockBit’s demands or did not respond to the group’s communications. If this article piqued your interest, and you want to learn more about ransomware gangs and organized cybercrime, make sure to check out our full guide on Ransomware-as-a-Service.